var-201512-0382
Vulnerability from variot
Directory traversal vulnerability in the Tools menu in Cisco Emergency Responder 10.5(1.10000.5) allows remote authenticated users to write to arbitrary files via a crafted filename, aka Bug ID CSCuv21781. The Cisco Emergency Responder real-time location address tracking database and enhanced routing capabilities allow emergency calls to be directly transferred to the appropriate Public Safety Answering Point (PASP) based on the caller's location. A remote attacker could exploit the vulnerability to place files anywhere on the affected device. Exploiting this issue can allow an attacker to gain read access to arbitrary files. Information harvested may aid in launching further attacks. This issue is being tracked by Cisco Bug ID CSCuv21781. The software provides features such as real-time location tracking database and caller's location
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201512-0382",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "emergency responder",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "10.5\\(1.10000.5\\)"
},
{
"model": "emergency responder software",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "10.5(1.10000.5)"
},
{
"model": "emergency responder",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "10.5(1.10000.5)"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-08367"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006385"
},
{
"db": "NVD",
"id": "CVE-2015-6406"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-289"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cisco:emergency_responder:10.5\\(1.10000.5\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-6406"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "78816"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-289"
}
],
"trust": 0.9
},
"cve": "CVE-2015-6406",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2015-6406",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CNVD-2015-08367",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "VHN-84367",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-6406",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2015-08367",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201512-289",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-84367",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-08367"
},
{
"db": "VULHUB",
"id": "VHN-84367"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006385"
},
{
"db": "NVD",
"id": "CVE-2015-6406"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-289"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Directory traversal vulnerability in the Tools menu in Cisco Emergency Responder 10.5(1.10000.5) allows remote authenticated users to write to arbitrary files via a crafted filename, aka Bug ID CSCuv21781. The Cisco Emergency Responder real-time location address tracking database and enhanced routing capabilities allow emergency calls to be directly transferred to the appropriate Public Safety Answering Point (PASP) based on the caller\u0027s location. A remote attacker could exploit the vulnerability to place files anywhere on the affected device. \nExploiting this issue can allow an attacker to gain read access to arbitrary files. Information harvested may aid in launching further attacks. \nThis issue is being tracked by Cisco Bug ID CSCuv21781. The software provides features such as real-time location tracking database and caller\u0027s location",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-6406"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006385"
},
{
"db": "CNVD",
"id": "CNVD-2015-08367"
},
{
"db": "BID",
"id": "78816"
},
{
"db": "VULHUB",
"id": "VHN-84367"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-6406",
"trust": 3.4
},
{
"db": "BID",
"id": "78816",
"trust": 2.0
},
{
"db": "SECTRACK",
"id": "1034384",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006385",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201512-289",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2015-08367",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-84367",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-08367"
},
{
"db": "VULHUB",
"id": "VHN-84367"
},
{
"db": "BID",
"id": "78816"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006385"
},
{
"db": "NVD",
"id": "CVE-2015-6406"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-289"
}
]
},
"id": "VAR-201512-0382",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-08367"
},
{
"db": "VULHUB",
"id": "VHN-84367"
}
],
"trust": 0.06999999999999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-08367"
}
]
},
"last_update_date": "2023-12-18T13:03:20.242000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20151209-ert",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151209-ert"
},
{
"title": "Cisco Emergency Responder Tools Menu Fixes for directory traversal vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=59129"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-006385"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-289"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-84367"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006385"
},
{
"db": "NVD",
"id": "CVE-2015-6406"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151209-ert"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/78816"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1034384"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6406"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6406"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-08367"
},
{
"db": "VULHUB",
"id": "VHN-84367"
},
{
"db": "BID",
"id": "78816"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006385"
},
{
"db": "NVD",
"id": "CVE-2015-6406"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-289"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-08367"
},
{
"db": "VULHUB",
"id": "VHN-84367"
},
{
"db": "BID",
"id": "78816"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006385"
},
{
"db": "NVD",
"id": "CVE-2015-6406"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-289"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-12-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-08367"
},
{
"date": "2015-12-13T00:00:00",
"db": "VULHUB",
"id": "VHN-84367"
},
{
"date": "2015-12-10T00:00:00",
"db": "BID",
"id": "78816"
},
{
"date": "2015-12-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-006385"
},
{
"date": "2015-12-13T03:59:05.147000",
"db": "NVD",
"id": "CVE-2015-6406"
},
{
"date": "2015-12-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201512-289"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-12-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-08367"
},
{
"date": "2016-12-07T00:00:00",
"db": "VULHUB",
"id": "VHN-84367"
},
{
"date": "2015-12-10T00:00:00",
"db": "BID",
"id": "78816"
},
{
"date": "2015-12-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-006385"
},
{
"date": "2016-12-07T18:20:03.037000",
"db": "NVD",
"id": "CVE-2015-6406"
},
{
"date": "2015-12-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201512-289"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201512-289"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Emergency Responder of Tools Directory traversal vulnerability in menu",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-006385"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201512-289"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.